This time it's Ohio University that has discovered that hackers have remotely operated at least three of their servers for as much as a year or longer.
c|net news is reporting said servers held the Social Security numbers of 137,000 people and that the university was unaware of the intrusion until the FBI notified them (the article does not say how the FBI detected the intrusion but thank goodness someone was on the job).
As the university says, functionality must be balanced with security. However, this does not mean you don't have any auditing applications in place to detect intrusions (as seems to be the case here).
It's about balance. Absolute security means absolutely no remote access. This extreme doesn't work for most people because the purpose of the server is usually to allow access to information. If no one can access it, the server serves no purpose (pun not intended). But. That does not mean you go to the other extreme and have no security.
In my opinion, there is no excuse for administrators who do not institute intrusion applications because these applications, for the most part, do not impede functionality. They don't prohibit access by hackers either but they can detect such access.
It bothers me that administrators at this university (and others) don't do the minimum required to ensure the security of their servers. We have already seen the transformation of hacking from a teenager trying to get into a server just for bragging rights to organized crime making it part of their lucrative business plan.
It is long past time that administrators took this change seriously.
Aloha!
Comments (1)
Remember, it is not system admins that are responsible, but the decision makers above them on how the money is spent. Usually they are the ones begging for resoursces to stop problems before they begin. I won't mention the titles, (cough cough deans, department heads, faculty) but the "important decision makers" don't think what we do as necessary.
Posted by luntao | May 23, 2006 10:17 AM
Posted on May 23, 2006 10:17